Terminal devices such as remote computers, PDAs and cellular telephones are increasingly used to communicate with secure networks and secure network services through the Internet, WANs (wide area networks), LANs (local area networks) and other communication media. Although Internet Protocol (IP) networks generally provide reliable and scalable communications over real-world infrastructure, such communications are inherently insecure. Secured networks reached over them are therefore vulnerable to compromise by unauthorized third parties, for example by eavesdropping on transmissions, hijacking an established communication, IP spoofing and other techniques.
In order to maintain network security it is necessary to provide for secure communications with terminal devices. For example, terminal devices may be required to use the Secure Shell (SSH) protocol to establish a secure channel with the secure network resource. SSH uses public-key cryptography to authenticate the server (and optionally the remote terminal device or its user), symmetric encryption to provide confidentiality, and message authentication codes to provide integrity of the data exchanged between the two. In some configurations a user must supply a user identification and password to log on or otherwise initiate an SSH terminal session, thereby ensuring that the session has been opened by an authorized user and that secure data and resources are made available only to the extent authorized for the specific user identification and password provided. When the user is finished with the session and logs off or otherwise terminates it, further access to the secure resources is denied absent another login with user ID and password.
However, once an SSH session is open, security is maintained only if access to the session is limited to the authorized user(s). One problem arises when an authorized user fails to maintain full and active control of an open session so as to preclude access by an unauthorized party. For example, a logged-on and properly authorized user may abandon a terminal session without logging off in order to direct his attention, or his physical presence, temporarily away from the authorized terminal device, usually intending to return quickly and resume the session. In general the threat of unauthorized access to secure network resources during an active but abandoned terminal session increases in proportion to the elapsed time of abandonment.
One simple, common and effective technique for minimizing the exposure of a secure network to unauthorized parties through an unattended authorized terminal session is to "time out" the session after a predetermined period of idleness or inactivity. Thus where no user activity is evidenced by keystrokes or other inputs over an elapsed time-out period, the session manager may terminate the session, optionally by first prompting the user for an input proving his presence and active attention at the terminal device and then terminating the session if the prompt generates no meaningful reply. In general, the shorter the time-out period, the lower the exposure of secure data and thus the more secure the session.
However, in real-world applications, shorter time-out periods may actually decrease network security. Users consider re-initiating terminated sessions inconvenient, time consuming and even emotionally aggravating, and are known to take steps to actively defeat time-out mechanisms and keep idle sessions open well beyond the defined idle period. Accordingly it is known for authorized users to circumvent a time-out period by running an automaton or other self-operating program on the authorized terminal device that imitates an active user by transmitting characters or commands at regular intervals, thereby spoofing the secure network into concluding that a human user is actively working at the terminal. For example, an automaton may periodically transmit a single "return," which most login shells accept as a null operation, so that the network perceives a user to be working during an idle session even though no meaningful operation is being performed. Although an improved mechanism may require non-null characters to be transmitted within the idle period, this is easily circumvented by a program that transmits one or more harmless trivial commands, such as commands to display the time or date.
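The two preceding paragraphs describe an idle time-out and the keep-alive automaton that defeats it by sending a bare "return" or a trivial command at regular intervals. The following added example, which is not code from the original document, shows one way a session manager could treat those inputs: it counts idle time only from the last meaningful command, and it flags a session whose trivial inputs arrive at a suspiciously regular cadence. The session logs, the list of trivial commands, the timing thresholds and the assumption that the session manager sees each submitted input line with a timestamp are all constructed for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import List, Tuple

# Commands that prove nothing about a human's presence. Constructed list;
# a real deployment would tune this to its own environment.
TRIVIAL_COMMANDS = {"", "date", "time", "uptime", "true", ":"}


@dataclass
class InputEvent:
    t: float      # seconds since session start (assumed timestamp from the session manager)
    line: str     # raw input line as submitted by the client


def is_meaningful(line: str) -> bool:
    """A bare return or a listed trivial command is not evidence of a present user."""
    cmd = line.strip()
    if not cmd:
        return False
    return cmd.split()[0] not in TRIVIAL_COMMANDS


def idle_seconds(events: List[InputEvent], now: float) -> float:
    """Effective idle time: seconds since the last *meaningful* input, not the last byte."""
    last = 0.0
    for e in events:
        if is_meaningful(e.line):
            last = max(last, e.t)
    return now - last


def looks_automated(events: List[InputEvent], min_events: int = 5,
                    cv_threshold: float = 0.10) -> bool:
    """Trivial inputs arriving at near-constant intervals suggest a keep-alive automaton.

    Humans are irregular; a program emitting "return" every N seconds produces
    inter-arrival gaps with a very small coefficient of variation (stdev / mean).
    """
    trivial_times = [e.t for e in events if not is_meaningful(e.line)]
    if len(trivial_times) < min_events:
        return False
    gaps = [b - a for a, b in zip(trivial_times, trivial_times[1:])]
    m = mean(gaps)
    if m <= 0:
        return False
    return pstdev(gaps) / m < cv_threshold


def evaluate(events: List[InputEvent], now: float, timeout: float) -> Tuple[bool, str]:
    """Decide whether the session manager should terminate the session, with a reason."""
    idle = idle_seconds(events, now)
    if idle >= timeout:
        return True, f"idle {idle:.0f}s since last meaningful input"
    if looks_automated(events):
        return True, "regular cadence of trivial inputs (keep-alive automaton suspected)"
    return False, "active"


# Constructed sample sessions (not captured data).
HUMAN_SESSION = [
    InputEvent(0.0, "ls -l"),
    InputEvent(12.3, "cat /etc/hosts"),
    InputEvent(40.1, ""),            # an occasional stray return is normal
    InputEvent(75.8, "grep -n foo bar.txt"),
]

AUTOMATON_SESSION = [InputEvent(0.0, "vi notes.txt")] + [
    InputEvent(240.0 * i, "date") for i in range(1, 6)   # "date" exactly every 240 s
]

if __name__ == "__main__":
    print("human    :", evaluate(HUMAN_SESSION, now=100.0, timeout=300.0))
    print("automaton:", evaluate(AUTOMATON_SESSION, now=1300.0, timeout=300.0))
```

The cadence check is deliberately separate from the idle computation: even if an automaton is changed to emit commands that pass the "meaningful" filter, its regular timing remains a signal, and a deployment can tune `cv_threshold` and `min_events` to its tolerance for false positives.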
Although an authorized user may have no malicious intent in defeating an idle-time monitoring routine, system security is nonetheless significantly breached, particularly if the terminal device is left physically unattended during such an improperly extended session.